Frequently asked questions on using ISMS.online

ISMS.online makes it easy to grant your auditor remote access to your ISMS. You can create users for individuals within the auditing organisation and define the areas of your ISMS that are accessible to your auditor.

ISMS.online comes with all of the pre-built work areas that you need to achieve certification with ISO 27001, but we have a number of add-ons which will make the implementation and management of your ISMS even easier.

• Policy Packs allow you to elegantly publish relevant parts of your ISMS in a ‘kindle like fashion’ to others and allows them to easily demonstrate their compliance. With fast-moving threats and changes to business regulation, dynamically updating your Policies and ensuring compliance to amendments very quickly is essential
• Virtual Coach – Deliver focused and fast implementation success. A complimentary service delivering expert yet practical guidance, including our Assured Results Method (ARM)
• Accounts – Achieve information security in the supply chain with a joined-up approach to supplier management

Our organisation, platform, and UK data centres hold UKAS accredited ISO 27001:2103 certification. The data centres have a duplicate system failover in case of loss. We also hold a number of other complementary accreditations and certifications because of our work with the UK Government. This means we conduct regular CHECK penetration tests of the services and have additional responsibilities that go beyond ISO 27001. This gives our customers security and assurance in our solution and cloud services. Read more about our security credentials.

Our primary data centre hosting supplier, based in the UK, has world-class information security measures and certifications in place. We also have data centres in the USA and Australia that adhere to the same high standards.

Hourly and daily snapshots of data are taken and we retain data for at least 28 days. Backed up data is protected with an encryption scheme that meets or exceeds that which we have specified within A.10.1.1 of our ISO 27001 controls.

We retain your data for one-month post-termination. This gives you ample time to export or copy any information out of your environment.

The short answer is yes. We currently offer a range of exports and reports and your information can be downloaded during your ISMS.online journey or in the event you choose to unsubscribe.

Editing of policies is normally done within ISMS.online, in the workspace provided (with full revision/audit trail). We recommend using this workspace wherever possible as you can create links to other relevant areas of the platform for visibility and speedy access. In some instances, you may choose to upload documents to ISMS.online. The version control features allow for documents to be ‘checked-out’ to show other users they are being worked on and then uploaded as a new version. Whichever method you choose to manage your policies, full revision history and version control is taken care of.

Yes. You can copy and paste them directly into the Notes areas within your ISO 27001 (or GDPR) framework, or you can upload a document. Either way, you’ll have a full audit trail of date, time and revisions.

Yes, users can easily import assets, risks and supply chain accounts to ISMS.online. ISMS.online users can simply complete the provided import templates and we’ll do the rest.

Our platform supports all standard file formats including Word, Excel, pdf, video, sound, ppt, png, and many more. You can also hyperlink to existing documentation in your Google Drive or Shared folders.

Our online platform is designed for easy team working and management overview, and as such, most of your ISMS work will be undertaken on the platform. Clusters and Dashboards make light of management reviews and committee meetings by bringing your ISMS together in one place. Using Clusters and Dashboards allows you to save time on reporting performance or chasing on progress, by providing a clear view of outstanding actions, progress and information relating to your ISMS. This will enable you and your colleagues to inform important decisions and practice continual improvement. ISMS.online recognises the need for external reporting and, therefore, there are a number of reporting and exporting options which are available in MS Word, Excel and PDF format depending on the nature of the report being requested. You can also take a screenshot, using your browser print screen options. Examples of exports and reports available in ISMS.online include:

• The policies and controls export, which includes links to any attached documents
• The risk management, applicable legislation & interested parties tables
• Measurement and KPI reports
• The Gantt chart, which allows you to view the critical path for your policies and controls

ISMS.online allows organisations to effortlessly create multiple users at once. User details can be imported to your organisation, and it is even possible to define when you would like newly created users to receive their ISMS.online welcome email.

ISMS.online supports SSO using SAML 2.0. Our list of identity providers is ever-growing. Examples of the identity providers supported by ISMS.online include Google, Microsoft Azure Active Directory and Okta.

Our cost-effective solutions are based on usage, users and scope. Your annual platform licence will come with a set number of ‘Regular’ users, subject to that scope, and will always have the option to add extras.   Some individuals within your organisation will be accessing the platform on a regular basis to work on your ISMS. These users are ‘Regular’ users and include policy creators, approvers, your ISMS management board, and possibly risk and incident owners. Staff within your organisation will read and demonstrate policy compliance and observe ISMS updates. They may also work on a short-term project in ISMS.online such as an HR Induction Programme. Users conducting only these sort of activities are ‘occasional’ users. ‘Occasional’ users can be created for a nominal fee as part of your ISMS.online subscription. For those subscribing to the Staff Training Engagement package, which includes our popular Policy Pack feature, 15 occasional users come included as standard and there is an option to add extra if needed. You can request your personalised quotation here.

Whilst our system is really easy and intuitive to use, it does cover a large and complex subject matter. It also contains a huge amount of IP in terms of our methodologies, policies and controls. For this reason, it’s currently not available in a test environment. We’d love to conduct a recorded demo and if you love the system but are still worried, a trial period can be discussed. Clearly, we all need to know what success looks like so that we can support you in achieving your goals.

We currently only promote our SaaS version of the software on the website. We can offer an on-premise option by exception but it is much more expensive than our SaaS offering for obvious reasons and would require some upfront consulting work too.

The Common Controls are a way to harmonize differences in wording across the Authority Documents (ISO27K, NIST, HIPPA, SOX, etc.) and as such may be relevant to large, multi-national organisations. The ISMS.online platform does not currently support Common Controls, however, we do support various frameworks and powerful linking between them.

You can subscribe to our newsletter here. You may also be notified about changes whilst using ISMS.online.